Installing/Configure Mod Security In Apache For Security

Apache modsecurity module.

ModSecurity is an open-source intrusion detection and prevention engine for web applications. It can also be called as web application firewall. It operates embedded into the web server, acting as a powerful umbrella and shielding applications from attacks.

Installation of modsecurity.

You can get the latest stable release of modsecurity from http://www.modsecurity.org/download/. In this article, we will install modsecurity on Apache as a DSO module.

1. Unpack the distribution.

tar –xzf modsecurity-apache_2.6.6.tar.gz

2. Compile the module using apxs.

/usr/local/apache/bin/apxs –cia mod_security.c

Configuration of modsecurity.

ModSecurity configuration directives are added to your configuration file (typically httpd.conf) directly. These directives can be enclosed in a container tag. This allows Apache to ignore the configuration directives when the module is not active.

<IfModule mod_security.c>
# mod_security configuration directives
# ...
</IfModule>

But, it is better to include a separate modsecurity.conf for mod_security rules which will make us easier to handle it. This can be accomplished by adding the following line in Apache configuration file, httpd.conf:

Include conf/modsecurity.conf

Turning On Filtering Requests.

The filtering engine is disabled by default. To start monitoring requests, add the following to your configuration file:

SecFilterEngine On

Supported parameter values for this parameter are:

• On – analyse every request
• Off – do nothing
• DynamicOnly – deprecated as of 1.9.3

Some other basic configuration directives are:

• SecFilterScanPOST: When On, enables scanning the request body/POST payload.
• SecFilterScanOutput: When On, enables scanning the response body also.
• SecFilterCheckURLEncoding: To check URL encoding.
• SecRequestBodyAccess: To control request body buffering.
• SecresponseBodyLimitAction: To control what happens once the response body limit is reached.
• SecResponseBodyLimit: To specify the response body buffering limit.

Finally, you need to stop and start Apache for mod_security to make it active.

/usr/local/apache/bin/apachectl stop
/usr/local/apache/bin/apachectl start

There are lots more ways you can configure mod_security for better web server security.

Bobbin Zachariah 8:54 am

About Bobbin Zachariah

Founder of LinOxide, passionate lover of Linux and technology writer. Started his career in Linux / Opensource from 2000. Love traveling, blogging and listening music. Reach Bobbin Zachariah about me page and google plus page.

Author Archive Page

Have anything to say?

Your email address will not be published. Required fields are marked *

All comments are subject to moderation.